28th Mar 2018 – 
So this is where you have to calculate: how many of the people on this drip tend to convert to sales? Sales worth how much?
If so…if some of the contacts you have in the pipeline right now, ended up there without “GDPR-proper” consent..
But just because someone’s off your list, doesn’t mean their data is “erased.”
If your contacts are valuable to you, put the effort in to make them feel that way.
The good people over at Econsultancy came up with an awesome quick test to determine whether or not your unsubscribe process is GDPR compliant.
The point here is to follow your copywriting best practices. A/B test your subject lines. Test different email lengths. Lead with a solid hook. Argue the benefits of sticking around. Automate based on their behavior if you have the capacity.
Re-permissioning Campaign Basics
But I’ll go through a few tactics I particularly like:
But wait…let’s back up for a second.
That leaves you a bit more copy-space to convince people to stick around.
Here’s what our level-headed friends at the ICO have to say:
This is a little particular, but know, too: deleting personal data means deleting it anywhere you’re storing it. If an email exists in mailchimp, and in your metrics spreadsheets, and in the google sheet generated from your form fill out, and in your Facebook custom audience—it has to be deleted all of those places.
1. First, evaluate.
But….all that aside, we’ve worked hard for consent to contact now.
And let’s face it—all this is for the best.
2. Start with what you have.
So we’ve more or less done the hard part. We’ve gotten proper consent to contact. Someone is safely, legally in our funnel.
So to have your bases covered—make sure you have a record of where a subjects data went accessible. Then reach out to any third parties involved (and keep a record of that, too).
All of it.
It has to go.
In their beautiful, straightforward words:
3. Incentivize
Getting folks who love you now, or loved you once, to say “I love you” again—has to be cheaper, and more time efficient than wooing a digital stranger.
Because every email is a sales email.
And how much cheaper would it be to keep someone on your list, than to get someone new on board?
It looks like a re-permissioning might campaign is in order.
The GDPR reinforces the right to erasure by clarifying that organisations in the online environment who make personal data public should inform other organisations who process the personal data to erase links to, copies or replication of the personal data in question.
4. Treat a re-permissioning email like a sales email.
Phew.
2. Delete it everywhere—within 30 days. You’re required to respond to Subject Access Requests (SARs) within a month of them being issued, according to GDPR’s Article 12. So make when you get a “delete me” email—you get on it.
So if your lists usually bring in repeat business, or jump on board to upsells, or convert at a relatively high rate—it might be time to woo ‘em once more.
“We noticed you’ve downloaded ___ and ___ from us. We’d love to keep sending you content like this, that we know you’ll find useful. But we need you to reconfirm, as we’re updating our privacy policies”—is compelling.
Your unsubscribe can also be:
So the challenge posed for marketers now is: you have to make it painless for a user to withdraw that consent—but also, make them not want to.
It applies to all your data. Even the data that you collected before, when the rules were different, and you were doing nothing wrong.
The Right to Erasure: Unsubscribes + Requests for Data Withdrawal
The long, cutesy, “break up” inspired copy.
No one wants an email list that gets you reported, time and time again, as spam.
Now before even running a test, I’m sure you can come up with a few ways most brands might be failing it.
(Or, in GDPR-speak, “ceasing further dissemination of data.”)Now there aren’t hard and fast rules here about what is, and what isn’t compliant. But Article 7 still applies: it has to be as easy to withdraw consent as to give it.
We wrote a full article on how to do the “ask again nicely” part here.
Now, I’m not saying your opt-out process has to be totally, “one click and you’re done.” Another way you can pass this test is not by weakening your opt-outs, but by strengthening your opt-ins.
Either way, now’s the time to look at all your email drips. Find their entry points. And if you did get proper consent—make sure you screenshot and note that for your records.
When you acquire personal data, you acquire it for specific purposes: ie. to send emails, to use cookies, to track IP addresses. So once someone hits “unsubscribe”—you lack the legal context required to hold onto their info.
Step 1. Sign up to your company’s email newsletter via a link on your website. How easy is it?
Step 2. Sign yourself up to receive email marketing using the opt-in at registration or checkout. How easy was that?
Step 3. Wait for the emails to land in your in-box. Find the unsubscribe option and opt-out. Count the clicks involved.
Step 4. Compare with your competitors.
Step 5. Now user test with a real customer (just in case you’re not being objective).
If you have disclosed the personal data in question to others, you must contact each recipient and inform them of the erasure of the personal data – unless this proves impossible or involves disproportionate effort. If asked to, you must also inform the individuals about these recipients.
A few more thing sto keep in mind:
No one wants to work to engage an audience that was never qualified in the first place.
Dealing with Unsubscribes
I know, I know. Having one goal, one CTA, per email is your best bet for conversions.
Did anything we talked about in Part 1 make you go “oh crap…we super have not been doing that”?
“Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data” (GDPR Key Changes).
Now opt-out laws for marketing emails are nothing new. But GDPR makes it universal, official, and enforceable.
Just as easily as someone can give consent under GDPR, they can take it away. You have to make this easy on them—and in all honesty, why wouldn’t you want to?
You’re a marketer. You know know what what works.
Second of all: I’m sure your opt-in process didn’t involve the selection of email frequency, or types of content. And it likely didn’t require you to scroll through all of that just to get to a “sign me up” button.
And presumably, if your sign up process looks like this:
First of all: ugh—come on. This is overdone, and almost never on brand for anyone. You have banks and luxury sunglasses and SaaS companies that all of a sudden want tell jokes. Your audience is about to say goodbye forever—and instead of reminding them of why they should value hearing from you, you do this?
This is the only thing about GDPR which genuinely pushes me to a tantrum.
I’d throw a PS to the end of your best emails now. Something along the lines of:
While GDPR doesn’t require you to have a double-opt in, it’s been a data-transparency best practice for a while.
Before you panic, make sure you actually need to re-permission these folks. Maybe your form language is all about “get the ebook”—and that’s a problem. But your double-opt in language saves you with a solid “confirm your email list sign up.”
- Submit form.
- Open email, click link confirm sign up.
But if you’re throwing your users a piece of content they might find useful, or a discount they’ll be grateful for—now is the time to remind them of what a good thing they have going.
- Click unsubscribe.
- Check email, click to confirm unsubscribe.
PS: Want to keep hearing about discounts like this? We’re updating our data processing policies to be more transparent. Opt back in here to keep receiving emails. No opt-in, no more exclusive deals, coupons, and tips.
Data Erasure: Some logistics
Now, the expectations of the law aren’t that you get that contact info deleted at all costs. No one wants you to hack into the email client of that one guy who did that one webinar and delete sam@leavemealone.com’s email address.
Among my least favorite is this:
So, if you had a pre-checked box in the past. Or lumped in email list subscriptions with webinar access—you’ve got a few options: ask for consent again nicely, or start gutting.
1. Third Parties. As you should already know—under GDPR, you have to get explicit permission to share contact info with third parties. You’re also expected to take action if your contact wants their data erased.
“Sign back up because GDPR is making us ask you to”—is not compelling.
Does your list convert at such a rate that an extra discount for re-opting in might be worthwhile? What about a content piece, specifically tailored to them? A perk, a membership, a closed off group, an audit, a course—but only if they re-opt-in now?
If they like what you have to offer, they might be more willing to stick around.
Why does your opt-out do that before the ”unsubscribe me?
To sum it up:
- GDPR applies to all your data. Even the data you collected legally, pre-GDPR. If you collected it in such a way that isn’t up to GDPR standards, consider a repermissioning campaign.
- It needs to be as easy for people to opt-out of your marketing campaigns, as to opt-into them. Double check both of your processes here.
- If a data-subject says they want their info deleted, you’ve got 30 days to do it. Have a process in place.
